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DETAILED ACTION 



1. 



Claims 1-34 are pending for examination. 



2. 



Claims 1-14,16-30,32-33 are rejected. 



Claim Rejections - 35 USC § 112 



The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

3. Claim 18 recites the limitation "the request to ignore" in reference to claim 14. There is 
insufficient antecedent basis for this limitation in the claim. For the sake of applying art, the 
examiner assumes the phrase should be "The method of claim 15". Correction is required. 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 



(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 



4. Claims 1-14,16-17, 19-30,32-33 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Camp et al, U.S. Patent 6,317,729 Bl. 

5. As per claim 1 ; "A method for use in a device associated with a first party for performing 
a key retrieval operation, the method comprising the steps of: 

generating in the first party device a request for 

the partial assistance of a device associated with a second party in recovering 
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a key from 

data stored on the first party device, 

wherein 

the second party device is remote from 

the first party device [Abstract, figures 1-2 and accompanying descriptions with 
figure 2 more particularly, whereas the SET standardized secure transaction protocols 
applied to enabling encrypted products (i.e., enabling use of an encrypted key resident 
with the encrypted product that the SET is involved with) via bank verification of 
customer financial viability/authorization (i.e., via the bank/merchant message sequence 
and subsequent merchant/customer message sequence), clearly encompasses 'generating 
. . . request . . . partial assistance . . . second party . . . recovering . . . key . . . second party . . . 
remote ... first party', as broadly interpreted by the examiner.]; 
transmitting the request from 

the first party device to 

the second party device [Abstract, figures 1-2 and accompanying descriptions 
with figure 2 more particularly, whereas the SET standardized secure transaction 
protocols applied to enabling encrypted products (customer to merchant purchase request, 
verification message sequences, delivery of decryption key for encrypted product), 
clearly encompasses 'transmitting the request . . . first party . . . second party', as broadly 
interpreted by the examiner.]; 
receiving results in the first party device generated by 

the second party device based on 
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the partial assistance provided by the second party device [Abstract, 
figures 1-2 and accompanying descriptions with figure 2 more particularly, 
whereas the SET standardized secure transaction protocols applied to enabling 
encrypted products (merchant to customer verification message sequences, 
delivery of decryption key for encrypted product), clearly encompasses 'receiving 
results . . . first party . . . second party', as broadly interpreted by the examiner.]; 
and 

using at least a portion of the received results in the first party device to 
recover the key for subsequent use as 
a private key in 

one or more associated public key cryptographic techniques 
[Abstract, figures 1-2 and accompanying descriptions with figure 2 more 
particularly, whereas the SET standardized secure transaction protocols 
applied to enabling encrypted (i.e., PKI, etc., SET inclusive cryptographic 
techniques) products (customer use of decryption key delivered for 
encrypted product), clearly encompasses 'using ... portion ... results ... 
first party . . . recover the key . . . public key cryptographic techniques', as 
broadly interpreted by the examiner.].". 

As per claim 13, this claim is the apparatus claim for the method claim 1 above, and is 
rejected for the same reasons provided for the claim 1 rejection; "Apparatus for use in a device 
associated with a first party for performing a key retrieval operation, the apparatus comprising: 
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at least one processor operable to: 

(i) generate in the first party device a request for 

the partial assistance of a device associated with a second party in 
recovering 

a key from 

data stored on the first party device, 

wherein 

the second party device is remote from 
the first party device; 

(ii) transmit the request from 

the first party device to 
the second party device; 

(iii) receive results in the first party device generated by 

the second party device based on 

the partial assistance provided by the second party device; and 

(iv) use at least a portion of the received results in the first party device to 

recover the key for subsequent use as 
a private key in 

one or more associated public key cryptographic 
techniques; and 
memory, coupled to the at least one processor, for storing 
at least a portion of results associated with 
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one or more operations performed by the processor.". 

As per claim 11, this claim is the method claim for the method claim 1 above from the 
perspective of the server, and is rejected for the same reasons provided for the claim 1 rejection; 
"A method for use in a device associated with a first party for assisting in the performance of a 
key retrieval operation, the method comprising the steps of: 

receiving a request generating in and transmitted by a second party device for 
the partial assistance of the first party device in recovering 
a key from 

data stored on the second party device, 

wherein 

the first party device is remote from 
the second party device; and 
generating results in the first party device based on 

the partial assistance provided thereby for use in the second party device to 
recover the key for subsequent use as 
a private key in 

one or more associated public key cryptographic 
techniques.". 

As per claim 14, this claim is the method claim for the method claim 1 above whereas the 
'private key operation . . . public key cryptographic techniques' in the preamble is a more specific 
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embodiment of claim 1, and is rejected for the same reasons provided for the claim 1 rejection; 
"A method for use in a device associated with a first party for performing a private key operation 
associated with one or more public key cryptographic techniques, the method comprising the 
steps of: 

generating in the first party device a request for 

the partial assistance of a device associated with a second party in performing 
a private key operation using a private key associated with 
data stored on the first party device, 

wherein 

the second party device is remote from 
the first party device; 
transmitting the request from the first party device to the second party device; 
receiving results in the first party device generated by 
the second party device based on 

the partial assistance provided by the second party device; and 
using at least a portion of the received results in the first party device to perform the 
private key operation.". 

As per claim 33, this claim is the apparatus claim for the method claim 14 above, and is 
rejected for the same reasons provided for the claim 14 rejection; "Apparatus for use in a device 
associated with a first party for performing a private key operation associated with one or more 
public key cryptographic techniques, the apparatus comprising: 
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at least one processor operable to: 

(i) generate in the first party device a request for 

the partial assistance of a device associated with a second party in 
performing 

a private key operation using a private key associated with 
data stored on the first party device, 

wherein 

the second party device is remote from 
the first party device; 

(ii) transmit the request from the first party device to the second party device; 

(iii) receive results in the first party device generated by 

the second party device based on 

the partial assistance provided by the second party device; and 

(iv) use at least a portion of the received results in the first party device to perform 
the private key operation; and 

memory, coupled to the at least one processor, for storing at least a portion of results 
associated with one or more operations performed by the processor.". 

As per claim 30, this claim is the method claim for the method claim 14 above from the 
perspective of the server, and is rejected for the same reasons provided for the claim 14 rejection; 
"A method for use in a device associated with a first party for assisting in performing a private 
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key operation associated with one or more public key cryptographic techniques, the method 
comprising the steps of: 

receiving a request generating in and transmitted by a second party device for 
the partial assistance of the first party device in performing 

a private key operation using a private key associated with 
data stored on the second party device, 

wherein 

the first party device is remote from 
the second party device; and 
generating results in the first party device based on 

the partial assistance provided thereby for use in the second party device to 
perform the private key operation.". 

6. Claim 2 additionally recites the limitation that; "The method of claim 1, wherein 

the first party device is a client device and 

the second party device is a server.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols are clearly network oriented architectures and inclusive of specifically 
client server networks where the customer would typically be a client network element, and, 
clearly encompasses the claim limitations, as broadly interpreted by the examiner.). 
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As per claim 16, this claim is the method claim for the method claim 2 above whereas the 
'private key operation . . . public key cryptographic techniques' in the preamble is a more specific 
embodiment of claim 2, and is rejected for the same reasons provided for the claim 2 rejection; 
"The method of claim 14, wherein 

the first party device is a client device and 

the second party device is a server ". 

As per claim 12, this claim is the method claim for the method claim 2 above from the 
perspective of the server, such that the 'first party device', 'second party device', designations in 
the claim language are reversed, and is rejected for the same reasons provided for the claim 2 
rejection; "The method of claim 1 1, wherein 

the first party device is a server and 

the second party device is a client device.". 

As per claim 32, this claim is the method claim for the method claim 16 above from the 
perspective of the server, and is rejected for the same reasons provided for the claim 16 rejection; 
"The method of claim 30, wherein 

the first party device is a server and 

the second party device is a client device.". 

7. Claim 3 additionally recites the limitation that; "The method of claim 1, wherein 
the data stored on the first party device has 
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a piece of secret information associated therewith which 
is included in the request, and further wherein 
the partial assistance is provided by the second party device when 
a verification is made by the second party device, 
based on the piece of secret information, 

that the first party sent the request". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer identification and financial information, clearly secret, to 
merchant to bank verification message sequences, clearly partial assistance, delivery of 
decryption key for encrypted product), clearly encompasses the claim limitations, as broadly 
interpreted by the examiner.). 

As per claim 17, this claim is the method claim for the method claim 3 above whereas the 
'private key operation . . . public key cryptographic techniques' in the preamble is a more specific 
embodiment of claim 3, and is rejected for the same reasons provided for the claim 3 rejection; 
"The method of claim 14, wherein 

the data stored on the first party device has 

a piece of secret information associated therewith which 
is included in the request, and further wherein 
the partial assistance is provided by the second party device when 
a verification is made by the second party device, 
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based on the piece of secret information, 

that the first party sent the request.". 

8. Claim 4 additionally recites the limitation that; "The method of claim 1, wherein 
the request generated by the first party device comprises 

cryptographic information 

included in the data stored on the first party device and 

previously generated from the key.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer identification and financial information, HASHed and clearly 
cryptographic information, to merchant to bank verification message sequences, clearly partial 
assistance, delivery of decryption key for encrypted product (i.e., enabling use of an encrypted 
key resident with the encrypted product that the SET is involved with)), clearly encompasses the 
claim limitations, as broadly interpreted by the examiner.). 

9. Claim 5 additionally recites the limitation that; "The method of claim 4, wherein 
the cryptographic information is generated via 

an encryption operation which is a function of 

one or more pieces of secret information associated with the first party, 
the key, and 

a public key associated with the second party device.". 
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The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer information, HASHed encryption operation of cryptographic 
information, to merchant to bank verification message sequences (inclusive of cross 
authentication which deals with the second device public key)), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

10. Claim 6 additionally recites the limitation that; "The method of claim 4, wherein 
the results generated by the second party device comprise 

results associated with the second party device partially decrypting 

at least a portion of the cryptographic information in the request.''. 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer information, processed HASHed encryption operation of 
cryptographic information and resulting bank verification message sequences (inclusive of cross 
authentication which deals with the second device public key)), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

1 1 . Claim 7 additionally recites the limitation that; "The method of claim 6, wherein the step 
of using at least a portion of the received results in the first party device further comprises 

completing the decryption of 

at least a portion of the cryptographic information to 
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recover the key.". 

The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer information, processed HASHed encryption operation of 
cryptographic information and resulting bank verification message sequences (inclusive of cross 
authentication which deals with the second device public key)), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

12. Claim 8 additionally recites the limitation that; "The method of claim 1, further 
comprising 

the step of at least temporarily storing the recovered key at the first party device.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols and associated request/response information is clearly stored as both 
persistent and non-persistent (i.e., temporarily) data at the various network nodes, clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 

13. Claim 9 additionally recites the limitation that; "The method of claim 1, wherein the one 
or more associated public key cryptographic techniques comprise 

decryption or 
signature operations.". 
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The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (secure challenge/response, signing, authorization/authentication 
sequences, content/message encryption/decryption, etc.,), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

14. Claim 10 additionally recites the limitation that; "The method of claim 1, wherein 
no pre-registration process need take place between 

the first party device and 

the second party device.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols are communicated over the Internet (i.e., ad-hoc and therefore a non pre- 
registration process at the higher OSI layers), clearly encompasses the claim limitations, as 
broadly interpreted by the examiner.). 

As per claim 29, this claim is the method claim for the method claim 10 above whereas 
the 'private key operation . . . public key cryptographic techniques' in the preamble is a more 
specific embodiment of claim 10, and is rejected for the same reasons provided for the claim 10 
rejection; "The method of claim 14, wherein 

no pre-registration process need take place between 
the first party device and 
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the second party device ". 

15. Claim 19 additionally recites the limitation that; "The method of claim 14, wherein 
the step of sharing the performance of the private key operation comprises 

a function sharing operation.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (secure challenge/response, signing, authorization/authentication 
sequences, content/message encryption/decryption and associated function sharing, etc.,), clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 

16. Claim 20 additionally recites the limitation that; "The method of claim 14, wherein 
the data stored on the first party device was constructed by 

generating 

a first share and 

a second share of a private key associated with the first party device.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (secure challenge/response, transaction batching and associated partial/full 
rollback, signing, authorization/authentication sequences, content/message encryption/decryption 
and associated function sharing, etc.,), clearly encompasses the claim limitations, as broadly 
interpreted by the examiner.). 
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17. Claim 21 additionally recites the limitation that; "The method of claim 20, wherein 
the first share is constructed so that the share can be generated from 

a piece of secret information associated with the first party and 

information stored on the first party device.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer identification and financial information, clearly secret, to 
merchant to bank verification message sequences, secure challenge/response, transaction 
batching and associated partial/full rollback, signing, authorization/authentication sequences, 
content/message encryption/decryption and associated function sharing, etc.,), clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 

18. Claim 22 additionally recites the limitation that; "The method of claim 21, wherein 
the data stored on the first party device comprises 

an encryption of at least the second share of the private key in accordance with 
a public key associated with 

the second party device so as to 

generate cryptographic information.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (transaction batching and associated partial/full rollback, signing, 
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authorization/authentication sequences, content/message encryption/decryption and associated 
function sharing, of which in the sharing case, partial (i.e., granularity aspects per se) and full 
encryption/private key functionality is enabled, etc.,), clearly encompasses the claim limitations, 
as broadly interpreted by the examiner.). 

19. Claim 23 additionally recites the limitation that; "The method of claim 21, wherein 
the request generated in the first party device comprises 

the cryptographic information.". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (secure challenge/response, signing/authorization/authentication sequences 
(i.e., cryptographic information), content/message encryption/decryption, etc.,), clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 

20. Claim 24 additionally recites the limitation that; "The method of claim 23, wherein the 
step of using at least a portion of the received results in the first party device to perform the 
private key operation comprises 

completing a computation of the private key operation at the first party device using 
results of a computation portion contributed by the second party device ". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (customer information, processed HASHed encryption operation of 
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cryptographic information and resulting bank verification message sequences (inclusive of cross 
authentication which deals with the second device public key)), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

21. Claim 25 additionally recites the limitation that; "The method of claim 14, wherein 
the private key operation comprises 

a decryption operation ". 
The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (processed HASHed encryption operation of cryptographic information and 
resulting bank verification (i.e., decryption aspects) message sequences (inclusive of cross 
authentication which deals with the second device public key)), clearly encompasses the claim 
limitations, as broadly interpreted by the examiner.). 

22. Claim 26 additionally recites the limitation that; "The method of claim 25, wherein 
the decryption operation comprises 

an ElGamal protocol". 

The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (processed HASHed encryption operation of cryptographic information and 
resulting bank verification (i.e., ElGamal decryption/key transfer aspects) message sequences 
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(inclusive of cross authentication which deals with the second device public key)), clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 

23. Claim 27 additionally recites the limitation that; "The method of claim 14, wherein 
the private key operation comprises 

a signature operation.". 

The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (processed HASHed encryption operation of cryptographic information and 
resulting bank verification (i.e., signature operation aspects) message sequences (inclusive of 
cross authentication which deals with the second device public key)), clearly encompasses the 
claim limitations, as broadly interpreted by the examiner.). 

24. Claim 28 additionally recites the limitation that; "The method of claim 27, wherein 
the signature operation comprises 

anRSA protocol.". 

The teachings of Camp et al are directed towards such limitations (i.e., Abstract, figures 1-2 and 
accompanying descriptions with figure 2 more particularly, whereas the SET standardized secure 
transaction protocols (processed HASHed encryption operation of cryptographic information and 
resulting bank verification (i.e., signature operation RSA protocol aspects) message sequences 
(inclusive of cross authentication which deals with the second device public key)), clearly 
encompasses the claim limitations, as broadly interpreted by the examiner.). 



Application/Control Number: 10/072,331 
Art Unit: 2136 



Page 21 



Allowable Subject Matter 
25. Claims 15, 18, 31 and 34 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 
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Conclusion 



26. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861. The examiner can normally be reached Monday 
through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. For more information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto. gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ronald Baum 
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